|
196031
|
8.8 |
HIGH
Network
|
mastersoft
|
zook_agent
zook_viewer
|
A buffer overflow issue was discovered in ZOOK solution(remote administration tool) through processing 'ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. Thi…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-7877
|
2024-11-21 14:37 |
2021-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196032
|
8.8 |
HIGH
Network
|
raonwiz
|
raon_k_upload
|
A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validatio…
|
CWE-20
Improper Input Validation
|
CVE-2020-7863
|
2024-11-21 14:37 |
2021-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196033
|
5.4 |
MEDIUM
Network
|
sage
|
syracuse
|
Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile. An authenticated user can pass XSS strings the "First Name," "Last Name," and "Email Address" fields of this web application component…
|
CWE-79
Cross-site Scripting
|
CVE-2020-7390
|
2024-11-21 14:37 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196034
|
7.2 |
HIGH
Network
|
sage
|
syracuse
|
Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer access can pass OS commands via this variable used by the web application. Note, this developer configura…
|
CWE-78
OS Command
|
CVE-2020-7389
|
2024-11-21 14:37 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196035
|
9.8 |
CRITICAL
Network
|
sage
|
adxadmin
|
Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While explo…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2020-7388
|
2024-11-21 14:37 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196036
|
5.3 |
MEDIUM
Network
|
sage
|
adxadmin
|
Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulner…
|
NVD-CWE-noinfo
|
CVE-2020-7387
|
2024-11-21 14:37 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196037
|
9.8 |
CRITICAL
Network
|
tobesoft
|
xplatform
|
When using XPLATFORM 9.2.2.270 or earlier versions ActiveX component, arbitrary commands can be executed due to improper input validation
|
CWE-20
Improper Input Validation
|
CVE-2020-7866
|
2024-11-21 14:37 |
2021-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196038
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy v8.98.7.0 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed format file that is mishandled by DaviewIndy. Attackers could exploit this a…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-7872
|
2024-11-21 14:37 |
2021-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196039
|
7.2 |
HIGH
Network
|
unidocs
|
ezpdf_reader
ezpdf_editor
|
A memory corruption vulnerability exists when ezPDF improperly handles the parameter. This vulnerability exists due to insufficient validation of the parameter.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7870
|
2024-11-21 14:37 |
2021-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196040
|
8.8 |
HIGH
Network
|
mastersoft
|
zook
|
An improper input validation vulnerability of ZOOK software (remote administration tool) could allow a remote attacker to create arbitrary file. The ZOOK viewer has the "Tight file CMD" function to c…
|
CWE-20
Improper Input Validation
|
CVE-2020-7869
|
2024-11-21 14:37 |
2021-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
